Effectively Marrying Big Data Analytics and SIEMsForensics Specialist Garner Warner on Why Both Are Essential
As big-data analytics matures, it will play a bigger role, but security information and event management software, or SIEMs, will also remain essential, contends Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham.
Alerts about traffic patterns linked to botnets used to wage massive spam attacks often come in via SIEMs, Warner explains in an interview with Information Security Media Group. "And that ability to combine the threat intelligence that is coming into the SIEM with the log-event management that a lot of SIEMs have is still where you're going to be able to hunt for incident response," he says.
SIEMs may not provide the same type of "proactive" warning for fraud prediction that big-data analytics systems can, but they will always provide critical information for incident response work, he adds.
"Once we recognize the bad thing we're looking for, we need a way to effectively crawl the logs of the entire organization to find, 'Where did that occur?' or, 'Have we encountered that in the past?' Warner says.
Coupling the predictive capabilities of big data analytics with SIEMs' incident response will prove to be the most effective approach, Warner contends.
"Having a single place to concentrate all of the logs of the organization, which is one of the roles the SIEM plays, is still going to be critical," he says.
In this interview (see audio link below photo), Warner also discusses:
- Crowdsourced malware attacks;
- Machine learning's role in removing false positives and cutting down on the "noise" associated with too much big data; and
- Why healthcare is spending "woefully inadequate" amounts on big-data analytics.
At the University of Alabama at Birmingham, Warner is concentrating on research that will help law enforcement and other security professionals identify, apprehend, prosecute and convict cybercriminals. His Computer Forensics Research Lab includes 35 researchers focused on email-based crimes, including spam, phishing and malware proliferation. In addition to his work with the University of Alabama, Warner also partners with cybersecurity firm DarkTower, formerly Queen Associates, on threat intelligence research. Warner has more than two decades of experience in computer forensics, including developing advanced techniques in identifying cybercriminals, and developing anti-malware and anti-phishing techniques, for such clients as Microsoft, Wells Fargo, Bank of America, Regions Bank, Facebook and eBay.